
Apparatus and method for detecting anomalous traffic

Inactive Publication Date: 2009-05-28
IZEX +1
6 Cites, 147 Cited by

AI Technical Summary

Benefits of technology

[0007] The present invention is directed to an apparatus and method for detecting anomalous traffic, which analyzes traffic characteristics changeable according to type of network attack rather than a simple statistical analysis based on the amount of traffic, so that it can detect anomalous traffic more accurately and efficiently.

Problems solved by technology

The development of network technology has also brought attacks targeting large scale networks such as distributed denial-of-service attacks or worm viruses, which can cause serious social problems.
However, the conventional method for detecting anomalous traffic, which depends merely on the change in the amount, has a high false alarm rate.
For example, it does not detect network attacks causing an insignificant change in the amount, or determines an excessive data flow in normal traffic as anomalous traffic.



Embodiment Construction

[0014] The present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which exemplary embodiments of the invention are shown. This invention may, however, be embodied in different forms and should not be construed as limited to the exemplary embodiments set forth herein.

[0015] FIG. 1 is a block diagram illustrating the configuration of an apparatus for detecting anomalous traffic according to an exemplary embodiment of the present invention.

[0016] Referring to FIG. 1, the apparatus 100 for detecting anomalous traffic includes an entropy extraction module 110, a visualization module 120, a graph model experience module 130 and an anomalous traffic detection module 140.

[0017] The entropy extraction module 110 extracts entropy with respect to a source IP address, a source port, a destination IP address and a destination port from network traffic.

[0018] Here, the entropy refers to the uncertainty of a random variable, i.e., measurement of i...
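The per-field entropy extraction described in [0017] and [0018], as an added example (not code from the patent): it assumes Shannon entropy in bits computed over fixed packet windows, and the function names, addresses and both sample windows are constructed for illustration. Both windows hold the same number of packets, so a detector that watches only traffic volume sees no change, while the entropy vector does.

```python
import math
from collections import Counter

FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port")

def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    # p * log2(1/p), written with total/c so a single-valued field gives 0.0
    return sum((c / total) * math.log2(total / c) for c in counts.values())

def entropy_vector(packets):
    """Entropy of each of the four header fields for one window of packets."""
    return {f: shannon_entropy(p[f] for p in packets) for f in FIELDS}

def entropy_shift(reference, observed):
    """Per-field entropy change of an observed window against a reference."""
    ref, obs = entropy_vector(reference), entropy_vector(observed)
    return {f: obs[f] - ref[f] for f in FIELDS}

def make_window(flows):
    """Turn (src_ip, src_port, dst_ip, dst_port) tuples into packet records."""
    return [dict(zip(FIELDS, flow)) for flow in flows]

# Constructed sample data (assumption, not from the patent): 8 packets each.
# BASELINE: 4 clients talking to 2 servers on ports 80 and 443.
BASELINE = make_window(
    (f"10.0.0.{i % 4 + 1}", 40000 + i, f"192.0.2.{i % 2 + 1}", (80, 443)[i // 4])
    for i in range(8)
)
# SKEWED: 8 distinct sources converging on one destination address and port.
SKEWED = make_window(
    (f"198.51.100.{i + 1}", 50000 + i, "192.0.2.1", 80) for i in range(8)
)

if __name__ == "__main__":
    print("packets :", len(BASELINE), "vs", len(SKEWED))
    print("baseline:", entropy_vector(BASELINE))
    print("skewed  :", entropy_vector(SKEWED))
    print("shift   :", entropy_shift(BASELINE, SKEWED))
```

How the patent's graph models map such vectors to specific attack types is not shown on this page, so the example stops at the entropy values themselves.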


Abstract

An apparatus and method for detecting anomalous traffic are provided. More particularly, an apparatus and method for detecting anomalous traffic based on entropy of network traffic are provided. The apparatus of detecting anomalous traffic includes: an entropy extraction module for extracting entropy from network traffic; a visualization module for generating an entropy graph based on the entropy; a graph model experience module for updating a graph model for each network attack based on the entropy graph; and an anomalous traffic detection module for detecting anomalous traffic based on the entropy graph and the graph model for each network attack and outputting the detection results to a user. In the apparatus and method, anomalous traffic is detected based on network entropy rather than simple statistics based on the amount of traffic, so that a false alarm rate of the apparatus for detecting anomalous traffic can be reduced.

Description

CROSS-REFERENCE TO RELATED APPLICATION

[0001] This application claims priority to and the benefit of Korean Patent Application No. 2007-120935, filed Nov. 26, 2007, the disclosure of which is incorporated herein by reference in its entirety.

BACKGROUND

[0002] 1. Field of the Invention

[0003] The present invention relates to an apparatus and method for detecting anomalous traffic, and more particularly, to an apparatus and method for detecting anomalous traffic based on entropy of network traffic.

[0004] 2. Discussion of Related Art

[0005] The development of network technology has also brought attacks targeting large scale networks such as distributed denial-of-service attacks or worm viruses, which can cause serious social problems. A method, in which a change in the number of packets or the amount of bytes is observed using a traffic characteristics analysis technique to detect anomalous traffic, is suggested as a method for detecting a network attack targeting a large scale network.

[0006] How...


Application Information

IPC(8): G06F15/173
CPC: H04L63/1425, H04L43/045
Inventor: LEE, EUN YOUNG; PAEK, SEUNG HYUN; PARK, IN SUNG; YUN, JOO BEOM; SOHN, KI WOOK
Owner IZEX